Researchers have released a report dissecting the BooXtream 'Social DRM' eBook watermarking system. Inspired by publisher Verso who refused to remove the DRM from an Aaron Swartz book, the Institute for Biblio-Immunology responded by tearing down the privacy-busting system.

The unauthorized copying and distribution of copyrighted content is a multi-billion dollar puzzle that entertainment industry companies are desperate to solve.

As such, anti-piracy companies are always trying to come up with new ways to stop people from sharing that material online. With that an almost impossible task, some have taken to watermarking instead, with the aim of tracking content and providing a trail back to the source.

What watermarking (so-called ‘Social DRM’) offers over more traditional DRM mechanisms is that it limits inconvenience to the end user and doesn’t hinder file compatibility across devices. However, it does have serious privacy implications for those using ‘infected’ files.

This problem has become a thorn in the side of a group of researchers calling themselves the Institute for Biblio-Immunology. In an email sent to TorrentFreak this week, the group detailed its work against the BooXtream watermarking system offered by Dutch company Icontact.

It all began when publisher Verso Books published an eBook version of Aaron Swartz’s ‘The Boy Who Could Change the World’. This edition of the book prompted an angry response from some quarters and the addition of BooXtream watermarks only made matters worse.

The problem is that BooXtream embeds the personal details of the eBook buyer into the book itself, and this stays with the file forever. If that book turns up anywhere where it shouldn’t, that purchaser can be held responsible.

Sean B. Palmer, the “virtual executor” of Aaron Swartz, subsequently asked Verso to remove the watermarks. They refused and it lit a fire under the Institute for Biblio-Immunology (IBI).

After a long process dissecting BooXtream’s ‘Social DRM’ the researchers have now published a lengthy communique which reveals how the watermarking system works and can be defeated.

Speaking with TorrentFreak, IBI says its motivation is clear. Books should inform buyers, not breach their privacy.

“Books should be used as tools for disseminating knowledge and information. What ‘social DRM’ watermarking systems do instead is turn books into tools of surveillance and oppression by monitoring who shares what knowledge, where,” IBI explain.

“We don’t like this, and because the publisher Verso has refused to remove the watermarks themselves, we decided to do it for them, and to show everyone how these systems work.”

But there are bigger issues at stake. While people in the West take the freedom to read books of their choosing for granted, not everyone has that luxury.

“Imagine if a watermarked ebook contains someone’s name (as many do). Suppose that someone is reading that watermarked ebook under a regime that bans the particular kind of material covered in that book,” IBI add.

“If the operatives of the regime see the watermark, they would then be able to arrest and perhaps even execute the purchaser of the ebook if they too are living under the same regime.”

But matters of life and death aside, IBI say they believe that people should not only be able to read whatever they want, they should also be able to share that knowledge with others.

“That’s how information spreads across cultures, through unrestrained, free propagation of knowledge. Watermarking systems attempt to corrupt these vectors of knowledge transmission by identifying and then filing legal action against some readers,” they conclude.

The lengthy report can be found here. Much of it is fairly technical but in a follow-up email, IBI pointed TF to a Github page containing a script to automate the processes detailed in their communique.

It’s likely that BooXtream will respond to this provocation so the war for free access to information and privacy isn’t over just yet.